The Komodo team has discovered a bug in the mobile app that logged private keys of specific coins, upon specific user actions, into a LOCAL in-app log-file.
This bug does not impact Komodo Wallet (web) or Komodo Wallet (desktop).
We believe this is an edge case that only impacts a small group of users.
Most importantly, at no point in time did the Komodo Wallet mobile app leak or upload any sensitive data. The local log-file never leaves the user’s device UNLESS the user explicitly and actively shares it with someone else.
Your funds are only at risk if you did the following actions in this exact order:
1. Used the export private key functionality in Komodo Wallet (mobile)
2. Shared your log-file with someone else afterward
Keeping Your Funds Safe
If you believe you may have done these actions, please take the following steps to secure your funds:
1. Update to Komodo Wallet (mobile v0.6.4) immediately
2. Create a new wallet/account in Komodo Wallet by generating a new seed phrase via Komodo Wallet or choose an external wallet.
3. Find your new crypto addresses and move your funds.
To minimize the potential risk of bad actors, our team has searched for public messages on Komodo’s main user-facing social channels (Discord, Telegram, and GitHub) that might have included Komodo Wallet (mobile) log-files. Fortunately, we haven’t yet found any log-files containing sensitive info.
However, there may be other public or private messages on other social channels that are outside our team’s knowledge and/or ability to delete.
We advise that you don’t share your log-file in public channels. Also, the Komodo team will never reach out via private message to ask you about sharing your log-file (unless you explicitly ask for help in one of our public channels). On Komodo Discord, only official Komodo team members have usernames written in green font. Always be cautious of potential scammers and phishing attempts!
The bug has now been fixed, and the previous mobile release build (v0.6.3) will expire soon.
All mobile app users, whether directly impacted by this bug or not, MUST update to v0.6.4, which includes the fix, the next time you open the app. For some users, Komodo Wallet (mobile may have updated to v0.6.4 automatically.